
Log analysis and evaluation: Cyber police lock

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.11.2012, 13:52   #1
Krake
 
Cyber police lock



This morning I caught the police trojan that has already been mentioned here several times. I have also already run a scan using OTL.

Help, what do I do next???

Here is the log data: OTL logfile:
Code:
OTL logfile created on: 11/15/2012 1:04:09 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.08 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/07/20 07:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/11/23 07:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 08:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/27 12:46:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 13:26:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/19 11:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/06/07 12:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/15 06:03:00 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/29 08:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/01 04:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 04:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 04:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 04:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/04/22 15:53:22 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 15:53:22 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 11:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/03/26 15:15:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/25 11:04:46 | 000,384,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/09/16 10:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/08/28 14:21:28 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/05/15 08:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010/03/15 03:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010/03/15 03:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010/03/15 03:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2010/03/15 03:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010/03/15 03:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009/10/20 11:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/04/06 02:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 02:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/19 13:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008/11/04 18:34:10 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/10/21 02:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 02:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 02:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 02:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 02:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 02:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 02:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/07 07:13:28 | 000,587,264 | ---- | M] (                                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630.sys -- (SPC630)
DRV:64bit: - [2008/07/07 07:13:28 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630m.sys -- (SPC630m)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2012/11/15 03:19:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/15 03:19:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:32:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 11:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/07 21:35:01] [Kernel | Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\Admin_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\19\NP_wtapp.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/01 06:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/11/15 06:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/06 16:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
 
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 12:46:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/16 06:43:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/05 07:58:13 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/16 06:43:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/16 06:43:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/16 06:43:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/16 06:43:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/16 06:43:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\Admin_ON_C..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Admin_ON_C..\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe ()
O4 - HKU\Admin_ON_C..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe (Symantec Corporation)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default User\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15:64bit: - Admin_ON_C\..Trusted Domains: //@surf.mar@/ ([]money in Lokales Intranet)
O15:64bit: - Admin_ON_C\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15:64bit: - UpdatusUser_ON_C\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/15 04:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\juesofuqzenvnac
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/10 07:39:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/11/10 07:39:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/11/10 07:39:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/11/10 07:39:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/11/10 07:39:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/11/10 07:39:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/11/10 07:39:31 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/11/10 07:39:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/11/10 07:39:27 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/11/10 07:39:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/11/10 07:39:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/11/10 07:39:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/11/10 07:39:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/11/10 07:39:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/11/10 07:39:18 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/11/10 07:39:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/11/10 07:39:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/11/10 07:39:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/11/10 07:39:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/11/10 07:39:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/11/10 07:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/11/10 07:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 03:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/09 03:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 18:05:59 | 000,000,000 | ---D | C] -- D:\UseNeXT
[2012/11/06 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2012/10/29 08:00:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/10/27 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012/10/25 08:00:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/24 21:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 11:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/19 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/15 06:46:04 | 001,597,552 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012/11/15 06:46:04 | 000,685,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/15 06:46:04 | 000,643,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 06:46:04 | 000,150,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/15 06:46:04 | 000,123,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 06:46:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 06:39:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 06:39:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 06:38:25 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 06:38:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/11/15 06:38:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/15 04:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 04:30:02 | 000,076,360 | ---- | M] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/15 04:29:56 | 000,062,976 | ---- | M] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 17:16:25 | 006,220,479 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Admin-Scheduled.job
[2012/11/14 04:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/10 07:32:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 12:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/11/06 18:05:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/10/25 08:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/24 21:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 15:53:26 | 952,709,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/23 11:35:27 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\Cache.db
[2012/10/23 11:12:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/15 04:30:01 | 000,062,976 | ---- | C] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:29:59 | 000,076,360 | ---- | C] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/08 12:54:37 | 000,000,818 | ---- | C] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/07/14 07:30:18 | 000,000,021 | ---- | C] () -- C:\Users\Admin\AppData\Local\mc.pixel.data
[2012/07/05 17:39:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\usymmvonoipbtvm
[2012/07/03 11:25:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/03 14:43:38 | 000,000,018 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\sys386ll.dat
[2012/06/03 14:43:02 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\hhxprot5
[2012/05/23 11:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Input.xml
[2012/05/23 11:13:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Settings.xml
[2012/05/12 04:49:35 | 000,021,465 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2012/03/05 07:58:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/05 07:58:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/19 06:06:51 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{58F6FC5F-FEC9-418C-8075-0BF341269AC3}
[2011/09/19 06:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8736F569-73D5-4898-96B6-B2D8DB928A71}
[2011/09/19 05:23:44 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{DF0A3EEA-4AA8-4A1B-AE05-9F215F5160AB}
[2011/09/14 19:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02167C78-4221-4EF1-8BED-10488DD27494}
[2011/09/14 19:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F9879DDA-B2A0-4F45-B0B9-1DECC9BB181E}
[2011/09/10 20:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{9BAD74EB-684E-4A22-9B27-6CC7C823BED6}
[2011/09/10 20:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8E78CD8E-D762-426A-9279-909FAF8ECC4E}
[2011/08/29 17:43:10 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{74BFA37D-F269-49F6-B6BC-996C94354BCC}
[2011/08/29 17:37:15 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{81695A4E-F852-44C0-A813-A8231CCF60B9}
[2011/08/23 05:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{15720912-6FCD-42F3-B350-446A6B9CA70E}
[2011/08/22 12:43:31 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{1765520F-AE10-433A-8174-8F45E752081F}
[2011/08/20 21:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F8729B31-FDB2-4FD0-AB4A-B3829AE20972}
[2011/03/28 07:20:54 | 006,220,479 | -H-- | C] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2010/12/06 01:54:20 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/12/06 01:52:32 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2010/03/15 05:25:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/13 09:00:20 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/11 10:11:54 | 000,039,125 | ---- | C] () -- C:\Windows\iccsigs.dat
[2010/03/10 11:22:10 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/20 15:52:53 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010/02/10 14:54:32 | 001,576,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/29 04:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2010/01/29 04:37:13 | 001,371,436 | R--- | C] () -- C:\Windows\SysWow64\VBAR2132.DLL
[2010/01/29 04:33:03 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\scpext.dll
[2009/11/17 17:08:56 | 000,699,183 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.1
[2009/11/17 17:08:50 | 000,699,194 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.JPG
[2009/11/17 17:08:49 | 001,826,773 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.0
[2009/10/22 12:02:55 | 000,007,207 | R--- | C] () -- C:\Windows\Disktool.INI
[2009/10/22 12:02:55 | 000,003,677 | R--- | C] () -- C:\Windows\PlaySnd.INI
[2009/10/10 11:43:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/10/09 09:34:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\CleanFFB.exe
[2009/09/19 12:42:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 12:42:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 12:42:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/19 09:20:30 | 000,556,846 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.JPG
[2009/09/19 09:20:01 | 000,005,625 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519_navi.JPG
[2009/09/19 09:19:57 | 000,542,964 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.1
[2009/09/19 09:19:51 | 002,269,594 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.0
[2009/08/12 16:06:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\Filesystems
[2009/07/26 10:17:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/07/26 10:17:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Frameworks
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Filters
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\External Build System
[2009/07/26 10:12:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/07/26 10:12:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2009/07/07 14:30:19 | 000,170,087 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/07 08:10:20 | 000,146,214 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/07/07 08:10:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/07/07 02:57:24 | 000,053,760 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 12:05:28 | 000,002,188 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2009/07/06 10:21:59 | 000,153,360 | ---- | C] () -- C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/04 22:09:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/02/04 14:46:59 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/02/04 13:52:02 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/02/04 13:52:02 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/01 01:00:00 | 000,016,473 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:07:25 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 10:07:25 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 10:07:25 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:37:06 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 07:34:27 | 000,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/11/04 03:19:14 | 000,006,399 | R--- | C] () -- C:\Windows\fwupgrade.ini
 
========== LOP Check ==========
 
[2012/11/11 04:10:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012/03/21 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.spoutcraft
[2009/08/27 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2010/06/23 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BloodTies
[2009/09/15 03:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CoSoSys
[2010/07/29 07:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/01/11 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon
[2011/08/13 06:39:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\digital publishing
[2010/09/21 07:12:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012/01/26 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Festo
[2011/12/07 08:57:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FOG Downloader
[2009/08/07 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\funkitron
[2012/01/31 07:33:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gaijin Ent
[2012/08/21 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012/01/27 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gogii
[2012/06/03 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Haushaltsbuch 5
[2012/04/12 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image Zone Express
[2009/07/06 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011/11/15 11:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\kikin
[2012/04/05 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\loadtbs
[2009/07/08 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Magic Academy
[2009/12/14 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MastersOfMystery2
[2012/08/18 07:00:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/06/30 06:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010/06/01 09:15:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meridian93
[2012/05/22 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mkvtoolnix
[2010/03/14 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\muvee Technologies
[2011/05/25 04:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyHeritage
[2010/06/23 11:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nevosoft Games
[2009/07/26 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nikon
[2011/11/15 06:03:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011/11/15 06:03:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/05/08 14:14:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Peace Craft
[2012/05/12 04:49:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PoBros
[2009/08/01 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Printer Info Cache
[2011/02/05 03:52:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2010/06/19 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
[2012/05/10 07:30:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SKAT
[2010/08/28 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011/12/18 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE
[2010/08/28 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca
[2012/02/23 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2010/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/05/21 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012/07/30 09:28:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tunngle
[2010/11/15 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Turbine
[2012/11/06 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2010/05/20 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\V-Games
[2010/05/19 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VampireSaga
[2012/06/08 08:11:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent
[2009/07/07 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/07/31 11:47:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Alawar Stargaze
[2012/01/27 11:15:03 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/12 03:25:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2011/04/08 05:38:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/01/20 11:46:19 | 000,000,000 | ---D | M] -- C:\ProgramData\BewerbungsMaster
[2011/10/29 02:56:29 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/28 11:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/07/29 14:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Deadtime Stories
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2012/02/13 13:13:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2
[2011/12/07 09:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2 DKS
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/15 08:45:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2011/09/06 10:46:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/06/07 08:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/07/26 05:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/09/21 06:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/07/10 04:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\EscapeTheMuseum
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/01/26 15:16:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Festo
[2012/08/08 16:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\firebird
[2011/06/01 07:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2010/05/21 10:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\GAMEON
[2012/08/20 07:40:24 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2010/02/20 16:04:23 | 000,000,000 | ---D | M] -- C:\ProgramData\HipSoft
[2012/03/28 11:29:57 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2010/07/27 15:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2012/11/15 04:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\juesofuqzenvnac
[2010/03/27 06:54:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Kingdom
[2010/03/26 14:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Kristanix Games
[2010/06/01 09:15:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2011/12/30 15:45:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2010/03/14 07:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2011/05/25 04:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MyHeritage
[2012/10/25 08:01:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2009/09/06 10:15:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Newsoft
[2009/07/26 10:16:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/05/08 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2009/02/04 14:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/02/04 14:36:55 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/11/09 15:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros
[2012/03/28 11:19:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2009/09/08 07:48:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/01/08 11:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/10/23 11:35:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/14 07:34:33 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/08/06 11:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/10/15 08:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/06/08 08:11:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/07/26 17:36:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2011/10/28 12:48:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
[2012/10/25 08:01:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/25 08:00:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/11/15 05:18:55 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/15 06:46:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/07/27 09:11:06 | 000,045,041 | ---- | M] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
[2012/07/27 09:11:06 | 000,045,041 | ---- | C] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CB2B6C5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:794BB94F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9C5E2795
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:204BEE0F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:687D1056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D93DCF15
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5425B7F5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D44D0CA3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11/15/2012 1:04:09 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.08 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Online Services\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Telekom Fotoservice] -- "C:\Program Files (x86)\Online Services\Telekom Fotoservice\Telekom Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = EE C5 D6 81 58 39 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Mediencenter Software" = Mediencenter Assistent
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"SearchAnonymizer" = SearchAnonymizer
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{52D530AD-5CCA-48dc-B6F0-6D14652B0291}" = AIO_CDA_ToolboxIni64
"{550331CC-C34B-494F-BCDA-37CE4EF6E924}" = Garmin Communicator Plugin x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Mediencenter Software" = Mediencenter Assistent
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"PC-Doctor for Windows" = Hardware Diagnose Tools
"SearchAnonymizer" = SearchAnonymizer
"Toolbar3 x64_is1" = Toolbar 3.0 der Telekom x64
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = aTube Toolbar Updater
"32 Vegas Casino" = 21Nova Casino
"Casino King" = Casino King
"EuroGrand Casino" = EuroGrand Casino
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Noble Casino" = Noble Casino
"Swiss Casino" = Swiss Casino
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"William Hill CASINO CLUB" = William Hill CASINO CLUB
 
< End of report >
         
--- --- ---

Edited by Krake (15.11.2012 at 14:08)

15.11.2012, 14:59   #2
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes mean a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you were asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the analysis harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



Step 1: Fix with OTLPE


  • On another PC, click Start --> Run.
  • Type Notepad into the text box, click OK.
  • Now copy the contents of the following code box completely into the empty text document:
    Code:
    ATTFilter
    :OTL
    O4 - HKU\Admin_ON_C..\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe ()
    :FILES
    C:\ProgramData\juesofuqzenvnac
    C:\ProgramData\egabnywdhryaovg
    C:\ProgramData\usymmvonoipbtvm
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1013B07C
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CB2B6C5
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D287FACF
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:794BB94F
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9C5E2795
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:204BEE0F
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:687D1056
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D93DCF15
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5425B7F5
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D44D0CA3
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    :COMMANDS
    [EMPTYTEMP]
             
  • Speichere die Datei als fix.txt auf einem USB-Stick.
  • Am infizierten Rechner, schließe den USB-Stick an, boote OTLPEN.
  • Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
  • Mache einen Doppelklick auf das OTLPE Icon.
  • Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
  • Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
  • Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
  • OTLpe sollte nun starten.
  • Klicke nun bitte auf den Fix Button.
  • Lade die fix.txt von deinem Stick.
  • Klicke den Fix-Button.
  • Starte Windows nun normal. Es sollte sich eine OTL.txt öffnen, poste deren Inhalt in deinem nächsten Thread.


Starte nun den Rechner im normalen Modus. Melde dich, falls dies nicht funktioniert!




Schritt 2: defogger



Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 3: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.




Step 4: Scan with TDSS-Killer



Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive ( usually C:\ ). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.


Step 5: OTL




Please download OTL by Oldtimer and save it to your desktop ( if not already present ).
  • Double-click OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • At the top you will find a box labelled Output. Please select Minimal Output.
  • Under Extra Registry, please select Use SafeList.
  • Now click Run Scan at the top left.
  • When the scan has finished, 2 log files are created.
  • Post the log files here in the thread.

Old 15.11.2012, 16:40   #3
Krake
 


I can't get to the drive of the stick to load the TXT file.

The following works:
Save the file as fix.txt on a USB stick.
On the infected computer, plug in the USB stick and boot OTLPEN.
Your system should display the REATOGO-X-PE desktop after a few minutes.
Double-click the OTLPE icon.
When you are asked "Do you wish to load the remote registry", choose Yes.
When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
OTLpe should now start.
Now please click the Fix button.
Load the fix.txt from your stick.

A text loads in the OTLpe window and then nothing works any more. I have tried the procedure several times. Every time the PC hangs. It does not respond, so I cannot activate the Fix button a second time.

What should I do now??

An OTL text is here: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11/15/2012 7:03:00 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.33 Gb Total Space | 211.11 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 596.17 Gb Total Space | 325.13 Gb Free Space | 54.54% Space Free | Partition Type: NTFS
Drive J: | 13.84 Gb Total Space | 1.95 Gb Free Space | 14.07% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/07/20 07:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/11/23 07:02:07 | 000,012,800 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe -- (MCSWASVR)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/12 08:22:38 | 002,452,912 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/27 12:46:15 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 14:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/09 13:26:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 06:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/19 11:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2012/06/07 12:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/15 06:03:00 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011/06/29 08:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/01 04:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 04:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 04:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 04:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand] -- C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 07:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/04/22 15:53:22 | 000,296,320 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 15:53:22 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 11:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/02/03 06:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/03/26 15:15:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/08 11:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/07/25 13:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/25 11:04:46 | 000,384,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/09/16 10:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/08/28 14:21:28 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/05/15 08:55:14 | 000,318,152 | ---- | M] (EldoS Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2010/03/15 03:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010/03/15 03:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010/03/15 03:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010/03/15 03:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2010/03/15 03:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010/03/15 03:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2009/10/20 11:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 01:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009/04/06 02:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 02:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/18 11:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/01/19 13:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2008/11/04 18:34:10 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/10/21 02:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 02:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 02:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 02:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 02:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 02:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 02:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/07/07 07:13:28 | 000,587,264 | ---- | M] (                                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630.sys -- (SPC630)
DRV:64bit: - [2008/07/07 07:13:28 | 000,008,192 | ---- | M] (                                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SPC630m.sys -- (SPC630m)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2012/11/15 03:19:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ex64.sys -- (NAVEX15)
DRV - [2012/11/15 03:19:48 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 03:32:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2008/11/28 11:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/07 21:35:01] [Kernel | Auto] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\Admin_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - Reg Error: Key error. File not found
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
 
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=92&bd=Pavilion&pf=cndt
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=52af82fa00000000000000248c6cb188"
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_287.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\19\NP_wtapp.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Admin\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/01 06:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/11/15 12:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/06 16:23:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/09 03:31:41 | 000,000,000 | ---D | M]
 
[2011/10/28 12:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/10/25 11:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions
[2012/08/21 04:30:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/24 00:57:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/21 12:13:05 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011/10/28 12:47:54 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/01/18 13:54:51 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012/08/22 03:48:56 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2012/08/21 12:13:04 | 000,000,000 | ---D | M] (PHPNukeDE Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2012/09/07 15:58:06 | 000,000,000 | ---D | M] (DieStaemme Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}
[2010/02/10 04:41:02 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/10/05 06:47:18 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/10/07 11:30:46 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\crossriderapp2258@crossrider.com
[2011/08/13 06:38:51 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\dplauncher@digitalpublishing.de
[2012/10/25 11:22:50 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\inboxcomtoolbar@inbox.com
[2012/01/08 11:34:53 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\plugin@yontoo.com
[2012/10/07 11:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode
[2012/10/11 05:16:31 | 000,000,911 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\11-suche.xml
[2012/08/15 11:50:21 | 000,002,331 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\askcom.xml
[2011/11/15 06:03:04 | 000,001,123 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\conduit.xml
[2012/10/11 05:16:32 | 000,002,273 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\englische-ergebnisse.xml
[2012/08/27 05:16:27 | 000,004,400 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\faroo.xml
[2012/10/11 05:16:31 | 000,010,563 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\gmx-suche.xml
[2012/10/11 05:16:32 | 000,002,432 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\lastminute.xml
[2012/01/19 08:23:26 | 000,002,203 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\MyStart Search.xml
[2011/11/15 06:03:04 | 000,002,663 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\safesearch.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\SearchResults.xml
[2012/10/11 05:16:31 | 000,005,545 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\webde-suche.xml
[2011/11/15 06:03:04 | 000,001,870 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{8B4E0C9C-0D8A-4061-9A93-9D08C93ED5DE}.xml
[2011/11/15 06:03:04 | 000,002,188 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{8D8026EB-AF30-45F6-9394-2A01ECE703F3}.xml
[2011/11/15 06:03:04 | 000,002,077 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja9qja59.default\searchplugins\{B9BC2AD6-A6CD-4421-B991-2390436E934C}.xml
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 12:46:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA9QJA59.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/10/27 12:46:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/16 06:43:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/05 07:58:13 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/10/16 06:43:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/16 06:43:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/16 06:43:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/28 12:47:51 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/16 06:43:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/16 06:43:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Toolbar 3.0 der Telekom Browserhilfsobjekt) - {C9603180-FA5C-4DB0-A013-ADC60309AF82} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Toolbar 3.0 der Telekom) - {2015C8D4-8534-48DB-B5FB-5C76291F080C} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKU\Admin_ON_C..\Run: [Facebook Update] C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Admin_ON_C..\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe ()
O4 - HKU\Admin_ON_C..\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe (Symantec Corporation)
O4 - HKU\Admin_ON_C..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\AppData\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Toolbar 3.0 der Telekom - {A9E70AB8-D4AB-44c3-88B8-E40491F08B50} - C:\Program Files (x86)\Deutsche Telekom\Toolbar3\ToToolbar.dll (Deutsche Telekom AG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15:64bit: - Admin_ON_C\..Trusted Domains: //@surf.mar@/ ([]money in Lokales Intranet)
O15:64bit: - Admin_ON_C\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O15:64bit: - UpdatusUser_ON_C\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Cabo.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Cabo.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{46081905-fd58-11e0-87d6-00248c6cb188}\Shell - "" = AutoRun
O33 - MountPoints2\{46081905-fd58-11e0-87d6-00248c6cb188}\Shell\AutoRun\command - "" = M:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/15 13:26:49 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/11/15 13:26:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/11/15 04:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\juesofuqzenvnac
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/14 04:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/10 07:39:33 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/11/10 07:39:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2012/11/10 07:39:33 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2012/11/10 07:39:33 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/11/10 07:39:32 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012/11/10 07:39:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2012/11/10 07:39:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/11/10 07:39:31 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/11/10 07:39:31 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012/11/10 07:39:30 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/11/10 07:39:27 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012/11/10 07:39:27 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/11/10 07:39:26 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012/11/10 07:39:26 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/11/10 07:39:25 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/11/10 07:39:22 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012/11/10 07:39:18 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/11/10 07:39:18 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012/11/10 07:39:18 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/11/10 07:39:18 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012/11/10 07:39:18 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/11/10 07:39:17 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/11/10 07:39:17 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012/11/10 07:39:17 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/11/10 07:39:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/11/10 07:39:16 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012/11/10 07:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2012/11/10 07:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 03:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/11/09 03:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/11/06 18:05:59 | 000,000,000 | ---D | C] -- D:\UseNeXT
[2012/11/06 18:05:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/11/06 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2012/10/29 08:00:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Chromium
[2012/10/27 12:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/25 08:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager
[2012/10/25 08:00:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/24 21:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 11:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/19 13:23:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\.minecraft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/15 12:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/15 12:36:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 12:36:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 12:36:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 12:35:48 | 000,685,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/15 12:35:48 | 000,643,826 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/15 12:35:48 | 000,150,366 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/15 12:35:48 | 000,123,650 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 12:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 12:28:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/15 04:30:02 | 000,076,360 | ---- | M] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/15 04:29:56 | 000,062,976 | ---- | M] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\WinMaximizer-Admin-Scheduled.job
[2012/11/14 04:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/10 07:32:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[2012/11/09 03:31:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/08 12:55:22 | 000,000,818 | ---- | M] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/11/06 18:05:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[2012/10/25 08:01:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager
[2012/10/24 21:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2012/10/24 21:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2012/10/23 15:53:26 | 952,709,964 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/23 11:35:27 | 000,003,072 | ---- | M] () -- C:\Windows\SysWow64\Cache.db
[2012/10/23 11:12:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/15 04:30:01 | 000,062,976 | ---- | C] () -- C:\ProgramData\gzkmgyck.exe
[2012/11/15 04:29:59 | 000,076,360 | ---- | C] () -- C:\ProgramData\egabnywdhryaovg
[2012/11/08 12:54:37 | 000,000,818 | ---- | C] () -- C:\Users\Admin\Desktop\Probenplan November.lnk
[2012/07/14 07:30:18 | 000,000,021 | ---- | C] () -- C:\Users\Admin\AppData\Local\mc.pixel.data
[2012/07/05 17:39:57 | 000,000,040 | ---- | C] () -- C:\ProgramData\usymmvonoipbtvm
[2012/07/03 11:25:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/03 14:43:38 | 000,000,018 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\sys386ll.dat
[2012/06/03 14:43:02 | 000,000,010 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\hhxprot5
[2012/05/23 11:13:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Input.xml
[2012/05/23 11:13:04 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\Settings.xml
[2012/05/12 04:49:35 | 000,021,465 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2012/03/05 07:58:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/05 07:58:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/19 06:06:51 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{58F6FC5F-FEC9-418C-8075-0BF341269AC3}
[2011/09/19 06:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8736F569-73D5-4898-96B6-B2D8DB928A71}
[2011/09/19 05:23:44 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{DF0A3EEA-4AA8-4A1B-AE05-9F215F5160AB}
[2011/09/14 19:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{02167C78-4221-4EF1-8BED-10488DD27494}
[2011/09/14 19:24:29 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F9879DDA-B2A0-4F45-B0B9-1DECC9BB181E}
[2011/09/10 20:13:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{9BAD74EB-684E-4A22-9B27-6CC7C823BED6}
[2011/09/10 20:07:50 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{8E78CD8E-D762-426A-9279-909FAF8ECC4E}
[2011/08/29 17:43:10 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{74BFA37D-F269-49F6-B6BC-996C94354BCC}
[2011/08/29 17:37:15 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{81695A4E-F852-44C0-A813-A8231CCF60B9}
[2011/08/23 05:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{15720912-6FCD-42F3-B350-446A6B9CA70E}
[2011/08/22 12:43:31 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{1765520F-AE10-433A-8174-8F45E752081F}
[2011/08/20 21:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{F8729B31-FDB2-4FD0-AB4A-B3829AE20972}
[2010/12/06 01:54:20 | 000,000,170 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/12/06 01:52:32 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2010/03/15 05:25:34 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/03/13 09:00:20 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/11 10:11:54 | 000,039,125 | ---- | C] () -- C:\Windows\iccsigs.dat
[2010/03/10 11:22:10 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini
[2010/02/20 15:52:53 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat
[2010/02/10 14:54:32 | 001,576,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/29 04:37:23 | 000,000,000 | ---- | C] () -- C:\Windows\longfile.INI
[2010/01/29 04:37:13 | 001,371,436 | R--- | C] () -- C:\Windows\SysWow64\VBAR2132.DLL
[2010/01/29 04:33:03 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\scpext.dll
[2009/11/17 17:08:56 | 000,699,183 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.1
[2009/11/17 17:08:50 | 000,699,194 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.JPG
[2009/11/17 17:08:49 | 001,826,773 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSCI0434.0
[2009/10/22 12:02:55 | 000,007,207 | R--- | C] () -- C:\Windows\Disktool.INI
[2009/10/22 12:02:55 | 000,003,677 | R--- | C] () -- C:\Windows\PlaySnd.INI
[2009/10/10 11:43:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2009/10/09 09:34:29 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\CleanFFB.exe
[2009/09/19 12:42:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/19 12:42:35 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/19 12:42:15 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/19 09:20:30 | 000,556,846 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.JPG
[2009/09/19 09:20:01 | 000,005,625 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519_navi.JPG
[2009/09/19 09:19:57 | 000,542,964 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.1
[2009/09/19 09:19:51 | 002,269,594 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpDSC_0585_1519.0
[2009/08/12 16:06:19 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2009/07/26 10:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\Filesystems
[2009/07/26 10:17:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/07/26 10:17:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Frameworks
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Filters
[2009/07/26 10:12:54 | 000,000,268 | RH-- | C] () -- C:\Users\Admin\AppData\Roaming\External Build System
[2009/07/26 10:12:53 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/07/26 10:12:53 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers
[2009/07/07 14:30:19 | 000,170,087 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/07 08:10:20 | 000,146,214 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/07/07 08:10:03 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/07/07 02:57:24 | 000,053,760 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/06 12:05:28 | 000,002,188 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps64.dat
[2009/02/04 22:09:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/02/04 14:46:59 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/02/04 13:52:02 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/02/04 13:52:02 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/03/01 01:00:00 | 000,016,473 | ---- | C] () -- C:\Windows\SysWow64\SELF32.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/11/04 03:19:14 | 000,006,399 | R--- | C] () -- C:\Windows\fwupgrade.ini
 
========== LOP Check ==========
 
[2012/11/11 04:10:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2012/03/21 07:43:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.spoutcraft
[2009/08/27 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2010/06/23 11:01:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BloodTies
[2009/09/15 03:18:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CoSoSys
[2010/07/29 07:21:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DarkParablesBriarRoseSE_BFG
[2010/01/11 08:35:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Desktopicon
[2011/08/13 06:39:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\digital publishing
[2010/09/21 07:12:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\elsterformular
[2012/01/26 15:14:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Festo
[2011/12/07 08:57:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FOG Downloader
[2009/08/07 15:24:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\funkitron
[2012/01/31 07:33:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gaijin Ent
[2012/08/21 06:38:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GARMIN
[2012/01/27 11:15:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Gogii
[2012/06/03 14:43:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Haushaltsbuch 5
[2012/04/12 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image Zone Express
[2009/07/06 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2011/11/15 11:23:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\kikin
[2012/04/05 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\loadtbs
[2009/07/08 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Magic Academy
[2009/12/14 16:55:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MastersOfMystery2
[2012/08/18 07:00:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/06/30 06:18:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010/06/01 09:15:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Meridian93
[2012/05/22 09:05:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mkvtoolnix
[2010/03/14 08:26:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\muvee Technologies
[2011/05/25 04:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MyHeritage
[2010/06/23 11:11:21 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nevosoft Games
[2009/07/26 10:35:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nikon
[2011/11/15 06:03:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011/11/15 06:03:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2010/05/08 14:14:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Peace Craft
[2012/05/12 04:49:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PlayFirst
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PoBros
[2009/08/01 04:53:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Printer Info Cache
[2011/02/05 03:52:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProtectDisc
[2010/06/19 10:05:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Settlement. Colossus
[2012/05/10 07:30:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SKAT
[2010/08/28 14:15:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony
[2011/12/18 12:09:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SPORE
[2010/08/28 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teleca
[2012/02/23 09:42:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2010/12/06 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/05/21 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012/07/30 09:28:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tunngle
[2010/11/15 13:08:37 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Turbine
[2012/11/06 18:57:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2010/05/20 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\V-Games
[2010/05/19 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VampireSaga
[2012/06/08 08:11:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WildTangent
[2009/07/07 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinBatch
[2010/07/31 11:47:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Alawar Stargaze
[2012/01/27 11:15:03 | 000,000,000 | ---D | M] -- C:\ProgramData\AlawarWrapper
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/12 03:25:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2011/04/08 05:38:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest
[2012/03/05 07:58:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2010/01/20 11:46:19 | 000,000,000 | ---D | M] -- C:\ProgramData\BewerbungsMaster
[2011/10/29 02:56:29 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/08/28 11:57:46 | 000,000,000 | ---D | M] -- C:\ProgramData\BVRP Software
[2010/07/29 14:35:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Deadtime Stories
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2012/02/13 13:13:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2
[2011/12/07 09:12:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Divinity 2 DKS
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/10/15 08:45:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2011/09/06 10:46:40 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011/06/07 08:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012/07/26 05:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2010/09/21 06:42:14 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/07/10 04:28:44 | 000,000,000 | ---D | M] -- C:\ProgramData\EscapeTheMuseum
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/01/26 15:16:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Festo
[2012/08/08 16:39:45 | 000,000,000 | ---D | M] -- C:\ProgramData\firebird
[2011/06/01 07:28:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2010/05/21 10:56:59 | 000,000,000 | ---D | M] -- C:\ProgramData\GAMEON
[2012/08/20 07:40:24 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2010/02/20 16:04:23 | 000,000,000 | ---D | M] -- C:\ProgramData\HipSoft
[2012/03/28 11:29:57 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2010/07/27 15:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\JollyBear
[2012/11/15 04:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\juesofuqzenvnac
[2010/03/27 06:54:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Kingdom
[2010/03/26 14:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Kristanix Games
[2010/06/01 09:15:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2011/12/30 15:45:18 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2010/03/14 07:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\muvee Technologies
[2011/05/25 04:41:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MyHeritage
[2012/10/25 08:01:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2009/09/06 10:15:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Newsoft
[2009/07/26 10:16:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/05/08 14:10:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Media
[2009/02/04 14:36:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/02/04 14:36:55 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor for Windows
[2010/06/22 10:44:47 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/11/09 15:30:54 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/07/27 15:43:09 | 000,000,000 | ---D | M] -- C:\ProgramData\PoBros
[2012/03/28 11:19:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2009/09/08 07:48:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/01/08 11:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/10/23 11:35:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 10:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/14 07:34:33 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/08/06 11:52:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Tunngle
[2010/10/15 08:46:13 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/07/26 10:17:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2009/07/06 10:12:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/06/08 08:11:47 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/07/26 17:36:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2011/10/28 12:48:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\{1B0B54CA-AA7D-41D3-A84A-29E7C9CB13A2}
[2012/10/25 08:01:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/10/25 08:00:46 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2012/11/11 17:57:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
[2012/11/15 05:57:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
[2012/10/20 16:42:12 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/11/15 12:36:25 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/15 12:36:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
[2012/11/15 05:03:16 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
[2012/11/14 14:00:00 | 000,000,482 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/07/27 09:11:06 | 000,045,041 | ---- | M] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
[2012/07/27 09:11:06 | 000,045,041 | ---- | C] ()(C:\Users\Admin\Desktop\mama eule ?.jpg) -- C:\Users\Admin\Desktop\mama eule ♥.jpg
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1013B07C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:9CB2B6C5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D287FACF
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:794BB94F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:9C5E2795
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:204BEE0F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:940ECC98
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:687D1056
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D93DCF15
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5425B7F5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D44D0CA3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
         
Last edited by Krake (15.11.2012 at 17:12)

16.11.2012, 09:47   #4
Psychotic
/// Malwareteam

Try copying the fix to the local hard drive.
Then boot with OTLPE and load the fix from the hard drive!
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


16.11.2012, 12:12   #5
Krake

I loaded the fix from the hard drive and started the PC in normal mode. It booted up and is now showing the Police Cyer screen again.


16.11.2012, 12:20   #6
Psychotic
/// Malwareteam

This one is really stubborn...


FRST 64



Please download Farbar's Recovery Scan Tool x64 and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and select Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here.

16.11.2012, 22:40   #7
Krake

Thanks, that worked. Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 16-11-2012 22:32:36
Running from K:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [182808 2008-11-03] (Intel Corporation)
HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2011-11-15] (OCS)
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Nikon Transfer Monitor] "C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized [1466760 2012-06-03] (Garmin)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-15] (LogMeIn Inc.)
HKU\Admin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Admin\...\Run: [NortonUtilities] C:\Program Files (x86)\Norton Utilities 14\rmtray.exe /S [279912 2009-09-14] (Symantec Corporation)
HKU\Admin\...\Run: [Sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background [433872 2011-10-21] (Sony Ericsson)
HKU\Admin\...\Run: [Facebook Update] "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-10-19] (Google Inc.)
HKU\Admin\...\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe [62976 2012-11-15] ()
HKU\Admin\...\Policies\system: [LogonHoursAction] 2
HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-12-01] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Meine Dienste.lnk
ShortcutTarget: Meine Dienste.lnk -> C:\Program Files\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)

==================== Services (Whitelisted) ===================

2 FirebirdGuardianDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [98304 2010-09-17] (Firebird Project)
3 FirebirdServerDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [3735552 2010-09-17] (Firebird Project)
2 MCSWASVR; C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [12800 2011-11-23] (Deutsche Telekom AG)
2 Netzmanager Service; "C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe" [2635776 2012-07-20] (Deutsche Telekom AG)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 SearchAnonymizer; "C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe" [40960 2011-11-15] ()
3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [155344 2011-06-29] (Avanquest Software)
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [738152 2012-07-19] (Tunngle.net GmbH)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-04-22] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116104 2009-04-22] ()

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
1 cbfs3; C:\Windows\System32\Drivers\cbfs3.sys [318152 2010-05-15] (EldoS Corporation)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20121114.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\ENG64.SYS [126112 2012-11-15] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20121114.008\EX64.SYS [2084000 2012-11-15] (Symantec Corporation)
3 phaudlwr; C:\Windows\System32\Drivers\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
3 s0017bus; C:\Windows\System32\Drivers\s0017bus.sys [113704 2008-10-20] (MCCI Corporation)
3 s0017mdfl; C:\Windows\System32\Drivers\s0017mdfl.sys [19496 2008-10-20] (MCCI Corporation)
3 s0017mdm; C:\Windows\System32\Drivers\s0017mdm.sys [152616 2008-10-20] (MCCI Corporation)
3 s0017mgmt; C:\Windows\System32\Drivers\s0017mgmt.sys [133160 2008-10-20] (MCCI Corporation)
3 s0017nd5; C:\Windows\System32\Drivers\s0017nd5.sys [34856 2008-10-20] (MCCI Corporation)
3 s0017obex; C:\Windows\System32\Drivers\s0017obex.sys [128552 2008-10-20] (MCCI Corporation)
3 s0017unic; C:\Windows\System32\Drivers\s0017unic.sys [145960 2008-10-20] (MCCI Corporation)
3 s1039bus; C:\Windows\System32\Drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
3 s1039mdfl; C:\Windows\System32\Drivers\s1039mdfl.sys [19568 2010-03-15] (MCCI Corporation)
3 s1039mdm; C:\Windows\System32\Drivers\s1039mdm.sys [161904 2010-03-15] (MCCI Corporation)
3 s1039mgmt; C:\Windows\System32\Drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
3 s1039nd5; C:\Windows\System32\Drivers\s1039nd5.sys [34416 2010-03-15] (MCCI Corporation)
3 s1039obex; C:\Windows\System32\Drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
3 s1039unic; C:\Windows\System32\Drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
3 seehcri; C:\Windows\System32\Drivers\seehcri.sys [34032 2010-08-28] (Sony Ericsson Mobile Communications)
3 SPC630; C:\Windows\System32\Drivers\SPC630.sys [587264 2008-07-07] ( )
3 SPC630m; C:\Windows\System32\Drivers\SPC630m.sys [8192 2008-07-07] ( )
1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1309000.009\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-26] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1309000.009\SYMTDIV.SYS [445560 2012-04-17] (Symantec Corporation)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-15] (Tunngle.net)
3 TelekomNM6; \??\C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
3 cpuz132; \??\C:\Users\Admin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
3 SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS [x]
3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS [x]
3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
3 SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-16 22:32 - 2012-11-16 22:32 - 00000000 ____D C:\FRST
2012-11-16 02:16 - 2012-11-16 02:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-15 09:58 - 2012-11-16 08:09 - 00036312 ____A C:\Extras.Txt
2012-11-15 09:22 - 2012-11-16 08:09 - 00161400 ____A C:\OTL.Txt
2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\juesofuqzenvnac
2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\Application Data\juesofuqzenvnac
2012-11-15 01:30 - 2012-11-15 01:29 - 00062976 ____A C:\Users\All Users\gzkmgyck.exe
2012-11-15 01:30 - 2012-11-15 01:29 - 00062976 ____A C:\Users\All Users\Application Data\gzkmgyck.exe
2012-11-15 01:29 - 2012-11-15 01:30 - 00076360 ____A C:\Users\All Users\egabnywdhryaovg
2012-11-15 01:29 - 2012-11-15 01:30 - 00076360 ____A C:\Users\All Users\Application Data\egabnywdhryaovg
2012-11-15 01:29 - 2012-11-15 01:29 - 00062976 ____A C:\Users\Admin\0.279950476258064.exe
2012-11-10 04:39 - 2010-02-04 01:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-11-10 04:39 - 2010-02-04 01:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-11-10 04:39 - 2009-09-04 08:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-11-10 04:39 - 2009-09-04 08:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-11-10 04:39 - 2009-09-04 08:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-11-10 04:39 - 2009-09-04 08:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-11-10 04:39 - 2009-09-04 08:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-11-10 04:39 - 2008-10-27 01:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-11-10 04:39 - 2008-07-31 01:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-11-10 04:39 - 2008-07-31 01:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-11-10 04:39 - 2008-07-31 01:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-11-10 04:39 - 2008-07-31 01:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-11-10 04:39 - 2008-07-31 01:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-11-10 04:39 - 2008-07-31 01:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-11-10 04:32 - 2012-11-10 04:37 - 00001961 ____A C:\Users\Public\Desktop\Oblivion.lnk
2012-11-10 04:32 - 2012-11-10 04:37 - 00001961 ____A C:\Users\All Users\Desktop\Oblivion.lnk
2012-11-10 04:32 - 2012-11-10 04:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 09:54 - 2012-11-08 09:55 - 00000818 ____A C:\Users\Admin\Desktop\Probenplan November.lnk
2012-11-06 15:05 - 2012-11-06 15:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT
2012-11-06 15:05 - 2012-11-06 15:05 - 02927968 ____A (Tangysoft Ltd. ) C:\Users\Admin\Downloads\UseNeXT_freetrial_416123w.exe
2012-11-06 15:05 - 2012-11-06 15:05 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2012-10-29 05:00 - 2012-10-29 05:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium
2012-10-27 09:46 - 2012-10-27 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-27 03:05 - 2012-10-27 03:06 - 40166821 ____A C:\Users\Admin\Downloads\64px 4.6.1 [mc1.4.2] HD MK WORKING.zip
2012-10-27 03:05 - 2012-10-27 03:06 - 39146373 ____A C:\Users\Admin\Downloads\64px [mc1.4.2] MK ANTIK 2.3.zip
2012-10-25 10:44 - 2012-10-25 10:46 - 50570531 ____A C:\Users\Admin\Downloads\Misa431.zip
2012-10-25 06:54 - 2012-10-25 06:55 - 49769524 ____A C:\Users\Admin\Downloads\Misa430.zip
2012-10-25 06:53 - 2012-10-25 06:53 - 01689625 ____A C:\Users\Admin\Downloads\mcpatcher-2.4.3_02.exe
2012-10-25 05:01 - 2012-10-25 05:01 - 00000000 ____D C:\Program Files\Netzmanager
2012-10-25 05:00 - 2012-10-25 05:01 - 00000000 __HDC C:\Users\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2012-10-25 05:00 - 2012-10-25 05:01 - 00000000 __HDC C:\Users\All Users\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2012-10-24 18:12 - 2012-10-24 18:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-24 18:12 - 2012-10-24 18:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-10-23 12:53 - 2012-10-23 12:53 - 00365400 ____A C:\Windows\Minidump\Mini102312-04.dmp
2012-10-23 06:29 - 2012-10-23 06:29 - 00620328 ____A C:\Windows\Minidump\Mini102312-03.dmp
2012-10-23 05:06 - 2012-10-23 05:06 - 00489048 ____A C:\Windows\Minidump\Mini102312-02.dmp
2012-10-23 02:15 - 2012-10-23 02:15 - 00569152 ____A C:\Windows\Minidump\Mini102312-01.dmp
2012-10-19 10:23 - 2012-11-11 01:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2012-11-16 08:09 - 2012-11-15 09:58 - 00036312 ____A C:\Extras.Txt
2012-11-16 08:09 - 2012-11-15 09:22 - 00161400 ____A C:\OTL.Txt
2012-11-16 02:41 - 2010-05-29 01:20 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{4F792399-00DE-4408-A6C9-82E91FDAB779}.job
2012-11-16 02:39 - 2012-03-01 07:08 - 00000000 ____D C:\Users\Admin\AppData\Local\LogMeIn Hamachi
2012-11-16 02:39 - 2010-02-05 07:24 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-16 02:39 - 2009-02-04 11:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-16 02:39 - 2009-02-04 11:12 - 00000000 ____D C:\Users\All Users\Application Data\NVIDIA
2012-11-16 02:39 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-16 02:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-16 02:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-16 02:16 - 2012-11-16 02:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-15 09:36 - 2009-03-28 12:49 - 01842945 ____A C:\Windows\WindowsUpdate.log
2012-11-15 09:36 - 2006-11-02 07:42 - 00032534 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-15 09:35 - 2010-02-05 07:24 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-15 09:35 - 2009-02-04 18:46 - 00685402 ____A C:\Windows\System32\perfh007.dat
2012-11-15 09:35 - 2009-02-04 18:46 - 00150366 ____A C:\Windows\System32\perfc007.dat
2012-11-15 09:35 - 2006-11-02 04:46 - 01597552 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-15 09:18 - 2009-07-06 07:13 - 00000000 ____D C:\users\Admin
2012-11-15 02:57 - 2012-07-17 13:52 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000UA.job
2012-11-15 02:03 - 2012-01-07 04:15 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{DFFE065E-566A-40E0-86BD-A9E3B906FFE7}.job
2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\juesofuqzenvnac
2012-11-15 01:30 - 2012-11-15 01:30 - 00000000 ____D C:\Users\All Users\Application Data\juesofuqzenvnac
2012-11-15 01:30 - 2012-11-15 01:29 - 00076360 ____A C:\Users\All Users\egabnywdhryaovg
2012-11-15 01:30 - 2012-11-15 01:29 - 00076360 ____A C:\Users\All Users\Application Data\egabnywdhryaovg
2012-11-15 01:29 - 2012-11-15 01:30 - 00062976 ____A C:\Users\All Users\gzkmgyck.exe
2012-11-15 01:29 - 2012-11-15 01:30 - 00062976 ____A C:\Users\All Users\Application Data\gzkmgyck.exe
2012-11-15 01:29 - 2012-11-15 01:29 - 00062976 ____A C:\Users\Admin\0.279950476258064.exe
2012-11-15 01:26 - 2012-04-28 02:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 12:22 - 2011-05-07 12:16 - 00000000 ____D C:\Users\Admin\AppData\Roaming\HpUpdate
2012-11-14 11:00 - 2011-07-27 00:48 - 00000482 ____A C:\Windows\Tasks\WinMaximizer-Admin-Scheduled.job
2012-11-12 13:08 - 2009-10-19 15:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2012-11-11 14:57 - 2012-07-17 13:52 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-355835961-2044894735-1737668965-1000Core.job
2012-11-11 08:52 - 2009-09-01 04:38 - 00000000 ____D C:\Users\Admin\Documents\Meine Scans
2012-11-11 01:10 - 2012-10-19 10:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2012-11-11 00:34 - 2008-01-20 19:26 - 00113234 ____A C:\Windows\PFRO.log
2012-11-10 04:39 - 2009-10-10 08:32 - 00410885 ____A C:\Windows\Directx.log
2012-11-10 04:37 - 2012-11-10 04:32 - 00001961 ____A C:\Users\Public\Desktop\Oblivion.lnk
2012-11-10 04:37 - 2012-11-10 04:32 - 00001961 ____A C:\Users\All Users\Desktop\Oblivion.lnk
2012-11-10 04:32 - 2012-11-10 04:32 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2012-11-10 04:25 - 2012-09-30 09:03 - 00000000 ____D C:\Neuer Ordner
2012-11-09 04:11 - 2009-07-10 03:11 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-09 00:31 - 2012-11-09 00:31 - 00001718 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Application Data\Apple Computer
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-11-09 00:31 - 2012-11-09 00:31 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 09:55 - 2012-11-08 09:54 - 00000818 ____A C:\Users\Admin\Desktop\Probenplan November.lnk
2012-11-07 13:19 - 2010-05-11 00:51 - 00000000 ___SD C:\Users\Admin\Documents\Eigene Datenquellen
2012-11-07 12:04 - 2006-11-02 07:27 - 00246403 ____A C:\Windows\setupact.log
2012-11-06 15:57 - 2012-11-06 15:05 - 00000000 ____D C:\Users\Admin\AppData\Roaming\UseNeXT
2012-11-06 15:05 - 2012-11-06 15:05 - 02927968 ____A (Tangysoft Ltd. ) C:\Users\Admin\Downloads\UseNeXT_freetrial_416123w.exe
2012-11-06 15:05 - 2012-11-06 15:05 - 00000000 ____D C:\Program Files (x86)\UseNeXT
2012-10-29 05:00 - 2012-10-29 05:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Chromium
2012-10-29 04:58 - 2010-11-09 13:32 - 00000000 ____D C:\Users\Admin\AppData\Local\Turbine
2012-10-28 00:31 - 2012-05-03 01:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-27 09:46 - 2012-10-27 09:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-27 03:06 - 2012-10-27 03:05 - 40166821 ____A C:\Users\Admin\Downloads\64px 4.6.1 [mc1.4.2] HD MK WORKING.zip
2012-10-27 03:06 - 2012-10-27 03:05 - 39146373 ____A C:\Users\Admin\Downloads\64px [mc1.4.2] MK ANTIK 2.3.zip
2012-10-25 10:46 - 2012-10-25 10:44 - 50570531 ____A C:\Users\Admin\Downloads\Misa431.zip
2012-10-25 06:55 - 2012-10-25 06:54 - 49769524 ____A C:\Users\Admin\Downloads\Misa430.zip
2012-10-25 06:53 - 2012-10-25 06:53 - 01689625 ____A C:\Users\Admin\Downloads\mcpatcher-2.4.3_02.exe
2012-10-25 05:01 - 2012-10-25 05:01 - 00000000 ____D C:\Program Files\Netzmanager
2012-10-25 05:01 - 2012-10-25 05:00 - 00000000 __HDC C:\Users\All Users\Application Data\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2012-10-25 05:01 - 2012-10-25 05:00 - 00000000 __HDC C:\Users\All Users\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
2012-10-25 05:01 - 2012-07-10 11:02 - 00000916 ____A C:\Users\Public\Desktop\Netzmanager.lnk
2012-10-25 05:01 - 2012-07-10 11:02 - 00000916 ____A C:\Users\All Users\Desktop\Netzmanager.lnk
2012-10-25 05:01 - 2012-07-10 11:02 - 00000000 ____D C:\Users\All Users\Netzmanager
2012-10-25 05:01 - 2012-07-10 11:02 - 00000000 ____D C:\Users\All Users\Application Data\Netzmanager
2012-10-25 05:00 - 2012-07-10 11:02 - 00000000 __HDC C:\Users\All Users\Application Data\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
2012-10-25 05:00 - 2012-07-10 11:02 - 00000000 __HDC C:\Users\All Users\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
2012-10-24 18:12 - 2012-10-24 18:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-24 18:12 - 2012-10-24 18:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-10-23 13:01 - 2009-10-09 07:06 - 00000000 ____D C:\Windows\uninstall
2012-10-23 12:53 - 2012-10-23 12:53 - 00365400 ____A C:\Windows\Minidump\Mini102312-04.dmp
2012-10-23 12:53 - 2012-08-10 11:25 - 952709964 ____A C:\Windows\MEMORY.DMP
2012-10-23 12:53 - 2012-08-10 11:25 - 00000000 ____D C:\Windows\Minidump
2012-10-23 08:35 - 2011-05-04 10:33 - 00003072 ____A C:\Windows\SysWOW64\Cache.db
2012-10-23 07:08 - 2011-07-25 09:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-10-23 07:08 - 2010-11-18 09:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-10-23 06:29 - 2012-10-23 06:29 - 00620328 ____A C:\Windows\Minidump\Mini102312-03.dmp
2012-10-23 05:06 - 2012-10-23 05:06 - 00489048 ____A C:\Windows\Minidump\Mini102312-02.dmp
2012-10-23 02:15 - 2012-10-23 02:15 - 00569152 ____A C:\Windows\Minidump\Mini102312-01.dmp
2012-10-20 13:42 - 2009-07-06 09:05 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-23 08:37:44
Restore point made on: 2012-10-24 06:21:03
Restore point made on: 2012-10-27 14:50:51
Restore point made on: 2012-10-29 15:29:13
Restore point made on: 2012-10-30 13:11:54
Restore point made on: 2012-11-01 02:12:29
Restore point made on: 2012-11-02 01:45:36
Restore point made on: 2012-11-06 09:16:01
Restore point made on: 2012-11-10 04:23:52
Restore point made on: 2012-11-10 04:31:59
Restore point made on: 2012-11-10 04:38:09
Restore point made on: 2012-11-10 04:42:30
Restore point made on: 2012-11-11 03:32:51

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 6142.33 MB
Available physical RAM: 5274.34 MB
Total Pagefile: 5714.49 MB
Available Pagefile: 5251.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:582.33 GB) (Free:210.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.84 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (Daten) (Fixed) (Total:596.17 GB) (Free:325.13 GB) NTFS
9 Drive k: () (Removable) (Total:14.93 GB) (Free:14.18 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Datenträger ### Status Größe Frei Dyn GPT
-------- ---------- ------- ------- --- ---
0 Online 596 GB 0 B
1 Online 596 GB 0 B
2 Kein Mediu 0 B 0 B
3 Kein Mediu 0 B 0 B
4 Kein Mediu 0 B 0 B
5 Kein Mediu 0 B 0 B
6 Online 15 GB 0 B



Last Boot: 2012-11-15 09:36

==================== End Of Log =============================

19.11.2012, 07:30   #8
Psychotic
/// Malwareteam

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
HKU\Admin\...\Run: [gzkmgyckzfscuif] C:\ProgramData\gzkmgyck.exe [62976 2012-11-15] ()
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll 

2 SearchAnonymizer;

C:\ProgramData\gzkmgyck.exe
C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
C:\Users\Admin\0.279950476258064.exe
C:\Users\All Users\Application Data\egabnywdhryaovg
C:\Users\All Users\egabnywdhryaovg
C:\Users\All Users\Application Data\gzkmgyck.exe
C:\Users\All Users\juesofuqzenvnac
C:\Users\All Users\Application Data\juesofuqzenvnac
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again.
  • Now run FRST64.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Does the computer start again now?
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

26.11.2012, 08:41   #9
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

28.11.2012, 15:24   #10
Psychotic
/// Malwareteam

No response
This thread has been removed from my subscriptions. I will therefore not receive any notification of new replies.
Send me a PM if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread.
